Certified Information Systems Auditor (CISA) — Question 354

During an audit of an organization's financial statements, an IS auditor finds that the IT general controls are deficient. What should the IS auditor recommend?

Answer options

• A. Increase the compliance testing of the application controls.
• B. Place greater reliance on the application controls.
• C. Increase the substantive testing of the financial balances.
• D. Place greater reliance on the framework of control.

Correct answer: C

Explanation

The correct answer is C because increasing substantive testing allows the auditor to gather more evidence regarding the accuracy of the financial balances in light of the identified deficiencies in IT general controls. The other options do not address the weaknesses in the general controls directly and may lead to an increased risk of material misstatement.